Replace nokogiri with pure-ruby xml library
Closed this issue · 1 comments
cliffano commented
We currently use nokogiri for xml processing which carries native compilation cost and also libxml dependency which has a vulnerability (even though the vulnerable feature doesn't impact ruby_aem) https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-20299 .
Since our use case for xml processing is actually simple, we need to look at alternatives such as REXML https://medium.com/tech-batoora/xml-50488ec69b20 , which is pure-ruby and eliminates the nokogiri native compilation cost and the 2-year old vulnerability.
cliffano commented
Closing this issue since this feature has been released as part of version 3.1.0 .